Cisco Cisco Meeting Server 2000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
8
Figure 2: Certificate Chain of Trust
To enable connecting devices to verify a chain of trust, every certificate includes two fields:
"Issued To" and "Issued By". An intermediate CA will show different information in these two
fields, to show a connecting device where to continue checking, if necessary, in order to
establish trust. Root CA certificates are "Issued To" and "Issued By" themselves, so no further
checking is possible.
"Issued To" and "Issued By". An intermediate CA will show different information in these two
fields, to show a connecting device where to continue checking, if necessary, in order to
establish trust. Root CA certificates are "Issued To" and "Issued By" themselves, so no further
checking is possible.
For example, if Entity A (web server www.example.com) is challenged for authentication by
Entity B (web client), Entity A will need to present its certificate and certificate chain to Entity B.
Entity B (web client), Entity A will need to present its certificate and certificate chain to Entity B.
Figure 3: Certificate chain for Entity A
Certificate 1 - Issued To: example.com; Issued By: Intermediate CA 1
Certificate 2 - Issued To: Intermediate CA 1; Issued By: Intermediate CA 2
Certificate 3 - Issued To: Intermediate CA 2; Issued By: Root CA
Providing Entity B has in its trust store the certificate for Root CA, a secure connection can be
established between Entity A and Entity B. Entity B can use Entity A’s public key to encrypt
messages and send them to Entity A. Only Entity A has access to the private key, so only Entity A
can decrypt the messages.
established between Entity A and Entity B. Entity B can use Entity A’s public key to encrypt
messages and send them to Entity A. Only Entity A has access to the private key, so only Entity A
can decrypt the messages.
1 Introduction